The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 31 Issue 57

Monday 10 February 2020

Contents

Backhoes, squirrels, and woodpeckers as DoS vectors
Richard Forno
Benjamin Netanyahu's election app potentially exposed data for every Israeli voter
WashPost
The app that broke the Iowa caucus, an inside look
CNET
Tesla Remotely Removes Autopilot Features From Customer's Used Tesla Without Any Notice
Clean Technica
Recent Car Thefts May Be Related To Carsharing App Getaround, Warns D.C. Attorney General
DCist
SSL Certificates are expiring...
Cryptography
Nasty Linux, macOS sudo bug found and fixed
ZDNet
Cisco Flaws Put Millions of Workplace Devices at Risk
WiReD
Data leakage from portable versions of Open Office and Libre Office
Arthur T.
Facebook's Bug Bounty Caught a Data-Stealing Spree
WiReD
The `manosphere' is getting more toxic as angry men join the incels
MIT Tech Review
Explainable AI
Chris Elsässer
Read the FBI's Damning Case Against the Recently Arrested Nintendo Hacker
Vice
Who owns your feelings? Short doc shows how big tech uses AI to track emotions
CBC
Photo Roulette on the App Store
Gabe Goldberg
The 'race to 5G' is a myth
WEForum
Not all fun and memes: What's the trouble with TikTok?
CBC
The Night Sky Will Never Be the Same
The Atlantic
Boeing's Starliner space capsule suffered a second software glitch during December test flight
WashPost
Boeing Refuses to Cooperate With New Inquiry into Deadly Crash
NYTimes
NASA Shares Initial Findings from Boeing Starliner Orbital Flight Test Investigation
NASA
Re: Boeing 737s can't land facing west
Terje Mathisen
Re: 99 smartphones ...
3daygoaty
JC Cantrell
Re: Artificial intelligence-created medicine to be used on humans for first time
Mark Thorson
Re: AI-created medicine to be used on humans
Henry Baker
Re: Election Security At The Chip Level
John R. Levine
Re: Should Automakers Be Responsible for Accidents?
Gabe Goldberg
Info on RISKS (comp.risks)

Backhoes, squirrels, and woodpeckers as DoS vectors

Richard Forno <rforno@infowarrior.org>
Mon, 10 Feb 2020 08:53:28 -0500
[The video shows] a wireless antenna in California. Network coverage was
disrupted by an Acorn woodpecker, a 3-ounce bird stashing an estimated 35-50
gallons/300lbs of acorns.

http://twitter.com/gunsnrosesgirl3/status/1226715791443148800

  Social media have been attributing this to squirrels for a long time.  I
  of course try to correct people anytime I see this.  It just proves that
  attribution can be really difficult.  RF

  [We have had numerous squirrel and a few notable backhoe stories in the
  RISKS archives.  But woodpeckers also have had their opportunities, e.g.,
  in RISKS-17.16: “Woodpeckers could delay shuttle.”  Furthermore, I note
  that the quote "If builders built houses the way programmers write
  programs, the first woodpecker that came along would destroy
  civilization." managed to peck its way into *three* different issues,
  RISKS-10.07 (June 1990), 23.74 (Feb 2005), and 28.21 (August 2014), so
  they keep coming back.  A hardy bunch, these woodpeckers.  They really get
  around.  Indeed, they really get a round hole where there are not even any
  square pegs. PGN]


Benjamin Netanyahu's election app potentially exposed data for every Israeli voter (WashPost)

Lauren Weinstein <lauren@vortex.com>
Mon, 10 Feb 2020 08:36:47 -0800
https://www.washingtonpost.com/world/middle_east/benjamin-netanyahus-election-app-potentially-exposed-data-for-every-israeli-voter/2020/02/10/98f606c0-4bfe-11ea-967b-e074d302c7d4_story.html


The app that broke the Iowa caucus, an inside look (CNET)

geoff goodfellow <geoff@iconia.com>
Thu, 6 Feb 2020 16:45:00 -0700
*A cybersecurity company got hold of the code for Shadow, the app used in
the Iowa caucus, and spoke to CNET about what it found*

EXCERPT:

Results from Monday's Iowa caucus were delayed for days because of problems
with a smartphone app used to tabulate and report results, causing chaos and
frustration among campaigns and voters. A reported coding issue caused the
app to only report out partial data, Iowa Democratic Chairman Troy Price
said in a statement.

<https://www.cnet.com/news/as-iowa-caucuses-arrive-facebook-has-a-trust-problem/>
<https://www.cnet.com/news/iowa-caucus-results-delayed-due-to-reporting-inconsistencies-after-switching-to-new-tech-system/>
<https://www.cnet.com/news/iowa-caucus-app-debacle-what-went-wrong/>

Cybersecurity company Blue Hexagon obtained a copy of the app, created by a
company called Shadow, Inc. Blue Hexagon's head of cyberthreat intelligence
and operations, Irfan Asrar, spoke with CNET's Dan Patterson about what went
wrong and the overarching cybersecurity concerns this presents for the rest
of the 2020 election.
<https://www.cbsnews.com/video/cyber-experts-weigh-in-on-the-app-that-crashed-the-iowa-caucus/>
<https://www.zdnet.com/article/the-scariest-hacks-and-vulnerabilities-of-2019/>

Blue Hexagon is still diagnosing exactly why the app failed. But the final
version of the app has several problems within the code, including links to
people's personal websites, Asrar said.  "What we believe is, this is an
oversight, and an example of the app being rushed into production," he
added.  The larger concern is that the app was so easy to obtain, which
means anyone could access the infrastructure supporting it and potentially
cause damage, Asrar said.

Watch the video for the full interview
<https://www.cnet.com/videos/inside-shadow-an-exclusive-look-at-the-mobile-app-that-broke-the-iowa-caucus/>
and more insight into the Shadow, Inc. app. [...]
https://www.cnet.com/news/the-app-that-broke-the-iowa-caucus-an-inside-look/

  [The whole situation smells of gross incompetence, trust in flaky
  outsourcing, lack of assurance, testing, and many other problems long
  considered in RISKS.  If every computer system is simply badly conceived
  and ultimately flawed and compromisable internally or externally, why
  would you expect anything else here?

  In addition to all of the above, Rachel Maddow had on her 6 Feb 2020 show
  a reprise of the massive denial of service in 2002 in the New Hampshire
  election for Sununu that disrupted telephone banks intending to get out
  the vote for Democrats.  This exact DoS was repeated by the Reps in 2020
  to totally disrupt the Iowa caucus after the Dems turned to phone lines to
  call in the results.  This kind of disruption is clearly out of control,
  even with the Dem's having overprovisioned their servers.  PGN]


Tesla Remotely Removes Autopilot Features From Customer's Used Tesla Without Any Notice (Clean Technica)

geoff goodfellow <geoff@iconia.com>
Mon, 10 Feb 2020 08:54:45 -0700
EXCERPT:

One of the less-considered side effects of car features moving from
hardware to software is that important features and abilities of a car can
now be removed without any actual contact with a given car. Where once
de-contenting involved at least a screwdriver (or, if you were in a hurry,
a hammer), now thousands of dollars of options can vanish with the click of
a mouse somewhere. And that's exactly what happened to one Tesla owner,
and, it seems many others.

Alec (I'll withhold his last name for privacy reasons) bought a 2017 Tesla
Model S on December 20 of last year, from a third-party dealer who bought
the car directly from Tesla via auction on November 15, 2019. The car was
sold at auction as a result of a California Lemon Law buyback, as the car
suffered from a well-known issue where the center-stack screen developed a
noticeable yellow border.
<https://cleantechnica.com/2019/07/06/tesla-rolls-out-uv-light-fix-for-yellowing-screen-border/>

When the dealer bought the car at auction from Tesla on November 15, it was
optioned with both Enhanced Autopilot and Tesla's confusingly-named Full
Self Driving Capability; together, these options totaled $8,000. You can see
them right on the Monroney sticker for the car:...
<https://jalopnik.com/tesla-is-still-using-the-phrase-full-self-driving-to-de-1835012651>
https://jalopnik.com/tesla-remotely-removes-autopilot-features-from-customer-1841472617


Recent Car Thefts May Be Related To Carsharing App Getaround, Warns D.C. Attorney General (DCist)

Gabe Goldberg <gabe@gabegold.com>
Wed, 5 Feb 2020 18:05:36 -0500
"Vehicles listed on Getaround could be at increased risk of theft because
keys are left inside of the car and the car's location is visible to anyone
searching the platform," according to a release from the OAG.

https://dcist.com/story/20/02/05/recent-car-thefts-may-be-related-to-carsharing-app-getaround-warns-d-c-attorney-general/

Ya think?


SSL Certificates are expiring... (Cryptography)

Henry Baker <hbaker1@pipeline.com>
February 1, 2020 at 9:08:55 AM GMT+9
“Forget the Y2K bug, "things" are starting to break as SSL Certificates
start expiring.”

Several authority certificates are expiring:
  5/30/2020
  6/21/2020
  9/22/2020
  12/31/2020

IoT—Internet of Expired Certificates.

Perfectly good HW, but with firmware that can't be updated.

I just hope that implantable medical devices can have their builtin
certificates updated!

I wonder how many "smart" *cars* will stop running when their builtin SSL
certificates expire?

Problems: bad hash functions (MDx,SHA1) are also causing certificate
problems even though the RSA algorithm—even at 1024 bits—still seems
to be holding.


Nasty Linux, macOS sudo bug found and fixed (ZDNet)

Gabe Goldberg <gabe@gabegold.com>
Wed, 5 Feb 2020 01:02:54 -0500
Sudo is a very popular, very simple Unix-system sysadmin application. It
enables users to switch identities for the purpose of running a single
command. Usually, but not always, it lets you run a command as the root,
system administrator, user. Sudo's easy to abuse, but it's so darn useful,
until it's not. A recently discovered sudo bug once more spells out why you
should be wary of this command.

In this latest security hole, CVE-2019-18634, Apple Information Security
researcher Joe Vennix discovered that if the "pwfeedback" option is enabled
in your sudoers configuration file, any user, even one who can't run sudo or
isn't listed in the sudoers file, can crack a system.

https://www.zdnet.com/article/nasty-linux-macos-sudo-bug-found-and-fixed/
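
  [The practical question for an administrator is simply whether pwfeedback
  is switched on anywhere in the sudoers configuration, since the bug is
  unreachable otherwise; the fix itself shipped upstream in sudo 1.8.31.
  The following is an added example, not code from the ZDNet article or the
  sudo project: a small audit over sudoers text that reports whether
  pwfeedback ends up enabled, honouring comments, the Defaults /
  Defaults:user / Defaults@host / Defaults>runas / Defaults!cmd forms,
  comma-separated option lists and "!pwfeedback" negation, with later lines
  overriding earlier ones as sudo does.  Per-user and per-host Defaults are
  treated conservatively as enabling the option.  It also lists #include and
  #includedir directives, because an included file can re-enable the option
  and has to be audited too; the sample sudoers text is constructed for the
  example and is not any real system's file.

```python
"""Audit helper for the sudoers option behind CVE-2019-18634 (pwfeedback).

Added example, not from the ZDNet article or the sudo project.
"""

import re

# 'Defaults' optionally followed by a :user / @host / >runas / !cmd tag,
# then whitespace, then the comma-separated option list.
_DEFAULTS = re.compile(r"^\s*Defaults\S*\s+(?P<opts>.+?)\s*$")
# '#include FILE' and '#includedir DIR' are directives, not comments.
_INCLUDE = re.compile(r"^\s*#include(?:dir)?\s+(?P<path>\S+)")


def _strip_comment(line: str) -> str:
    """Drop a '#' comment. Quoted option values containing '#' (rare) are
    not handled; include directives become empty here and are picked up
    separately by find_includes()."""
    return line.split("#", 1)[0]


def pwfeedback_enabled(sudoers_text: str) -> bool:
    """True if the last effective pwfeedback setting in this text is on.
    Defaults lines qualified by user/host/runas/command are treated as
    enabling it (conservative for an audit)."""
    enabled = False
    for raw in sudoers_text.splitlines():
        m = _DEFAULTS.match(_strip_comment(raw))
        if not m:
            continue
        for opt in m.group("opts").split(","):
            opt = opt.strip()
            if opt == "pwfeedback":
                enabled = True
            elif opt == "!pwfeedback":
                enabled = False
    return enabled


def find_includes(sudoers_text: str) -> list:
    """Paths named by #include / #includedir directives; they are not
    resolved here, each must be audited with pwfeedback_enabled() as well."""
    return [m.group("path")
            for m in map(_INCLUDE.match, sudoers_text.splitlines()) if m]


def audit(sudoers_text: str) -> dict:
    """One-shot result a deployment script can act on."""
    return {"pwfeedback": pwfeedback_enabled(sudoers_text),
            "includes": find_includes(sudoers_text)}


# Constructed sample (not a real system's file): the per-user line
# re-enables pwfeedback after the global line turned it off.
SAMPLE_SUDOERS = """\
# /etc/sudoers (constructed example)
Defaults env_reset, !pwfeedback   # hardened globally ...
Defaults:alice pwfeedback         # ... then re-enabled for one user
#includedir /etc/sudoers.d
root ALL=(ALL:ALL) ALL
"""

# The hardening line an administrator would add (or upgrade sudo).
HARDENED = "Defaults !pwfeedback\n"

if __name__ == "__main__":
    print(audit(SAMPLE_SUDOERS))   # pwfeedback True, includes ['/etc/sudoers.d']
    print(audit(HARDENED))         # pwfeedback False, no includes
```

  Run it over /etc/sudoers and every file under the directories that
  find_includes() returns; a system is clear only when none of them leaves
  pwfeedback enabled.  PGN]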


Cisco Flaws Put Millions of Workplace Devices at Risk (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Fri, 7 Feb 2020 10:32:15 -0500
To exploit the bugs, attackers would first need a foothold inside a target's
network, but from there they could fan out quickly, compromising one
vulnerable Cisco device after another to bore deeper into a system. And once
attackers controlled a switch or router they could start to intercept
unencrypted network data, like files and some communications, or access a
company's *active directory*, which manages authentication for users and
devices.

“It's still hop by hop. As a hacker, you still need an initial attack vector
into the network,” says Ang Cui, founder of the IoT security firm Red
Balloon, who has disclosed numerous Cisco bugs. “But once you're there, at
each hop you have the same vulnerability present—all the switches,
firewalls, and routers in a network could be affected by this.  So you're
going to have to own a lot of devices, but once you own all of them you've
literally taken over every single piece of the network.”

https://www.wired.com/story/cisco-cdp-flaws-enterprise-hacking/


Data leakage from portable versions of Open Office and Libre Office

"Arthur T." <risks202002.6.atsjbt@xoxy.net>
Fri, 07 Feb 2020 01:06:34 -0500
Note: this post is Windows-centric. I'm not sure if a similar problem occurs
on other platforms.

Many people run the portable version of Office (Open or Libre) from a
specific location (such as a thumb drive) in order to keep all data off of
other locations (such as the C: drive). This might not be working as
expected.

One of the first things one does in such a case is verify the locations of
default files, temp files, etc. The temp files location is a few directories
down from %temp% (or maybe %tmp%) and probably on C:. So one changes it to a
directory on the same drive where Office resides.  Unfortunately, that
doesn't work. More unfortunately, Office doesn't tell you that it didn't
work.

My first indication was that when I restarted the program, its temp
directory had reverted to within %temp%. I thought that, even though it
remembered other changes, it somehow wasn't remembering that one.

In fact, it's more sinister. Not only is it not remembering it, it's not
using the updated location. When it starts, it immediately creates files in
its temp directory, and it keeps using that same directory until Office is
closed, regardless of what you type in as an override once the program is
running. Really, it shouldn't let you type an override in for that
directory, so you'd know it can't be overridden.

I use Open Office, but web searches suggest: that Libre Office has the same
problem, that it has existed for a long time, and that it has not been
fixed.

For myself, I created a .bat file to reset temp and tmp before starting Open
Office, and that appears to fix the problem. My .bat file to run Office from
drive E: is:

setlocal
rem point both temp variables at the drive Office runs from
set tmp=e:\temp
set temp=e:\temp
rem first quoted argument to START is the window title, not the program
start "Open Office on E" "e:\Program Files\OpenOffice\OpenOfficePortable.exe"
endlocal


Facebook's Bug Bounty Caught a Data-Stealing Spree (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Sun, 9 Feb 2020 21:29:23 -0500
A few months ago, the company disclosed that apps were siphoning data from
up to 9.5 million of its users. It only found out thanks to a bug bounty
submission.

https://www.wired.com/story/facebook-bug-bounty-app-data-stealing/


The `manosphere' is getting more toxic as angry men join the incels (MIT Tech Review)

Monty Solomon <monty@roscom.com>
Sat, 8 Feb 2020 11:42:35 -0500
Men from the less extreme end of the misogynistic spectrum are drifting
toward groups that espouse violence against women, a new study suggests.

https://www.technologyreview.com/s/615155/the-manosphere-is-getting-more-toxic-as-angry-men-join-the-incels/


Explainable AI

Chris Elsässer <chris.elsaesser@comcast.net>
Thu, Feb 6, 2020 at 11:55 AM
Geoff, Looking over your recent posts on IS & RISKS, I noticed this at the end
(probably from MIT Tech Review):

Ehsan is part of a small but growing group of researchers trying to make AIs
better at explaining themselves, to help us look inside the black box.  The
aim of so-called interpretable or explainable AI (XAI) is to help people
understand what features in the data a neural network is actually learning
-- and thus whether the resulting model is accurate and unbiased.  [...]

Once again, AI is reinvented!

But first, it would be nice if the Tech Review writer (Douglas Heaven) knew
that *interpretable* and *explainable* are not the same thing.

Second, it would be nice if the writer looked at the extensive literature on
explanation in AI systems; goes back to the great-grandparent of AI systems,
MYCIN, and its explanation subsystem. [note: MYCIN's `certainty factors'
were soon supplanted at Stanford by Bayes networks]

Per Geoff Hinton, Deep learning NNs are approximations of (full) Bayesian
classifiers. Explanation of Bayesian inference has long been seen to be in
need of `explanation' (or perhaps `convincing' :-)) because human reason
under uncertainty has often been found to deviate from Bayesian inference
(which is provably optimal).

The earliest reference to explanation of Bayesian inference I've found is
the following (and it should be obvious why I looked no further ;-)):

Elsaesser, Christopher (1987) Explanation of Probabilistic Inference for
Decision Support Systems *Proceedings of the Third Conference on
Uncertainty in Artificial Intelligence (UAI-87),* Morgan Kaufmann, San
Francisco, CA.

That paper reported work I did for my PhD thesis at Carnegie Mellon. My
techniques were substantially improved and extended by Marek Druzdzel. For
example:

Henrion, M. and M. J. Druzdzel (1990). Qualitative and linguistic
explanations of probabilistic reasoning in belief networks. Proceedings of
the Sixth Conference on Uncertainty in Artificial Intelligence, pages 10-20
Cambridge, MA, Association for Uncertainty in AI.

NOT that re-invention is not worthwhile. Just that at least in this case
it's nothing new.  :-)


Read the FBI's Damning Case Against the Recently Arrested Nintendo Hacker (Vice)

Monty Solomon <monty@roscom.com>
Tue, 4 Feb 2020 18:03:22 -0500
The hacker who stole from Nintendo for years bragged about it online, and
didn't even try to hide his real name or activities.

https://www.vice.com/en_us/article/akwkk5/read-the-fbis-damning-case-against-the-recently-arrested-nintendo-hacker


Who owns your feelings? Short doc shows how big tech uses AI to track emotions (CBC)

"Matthew Kruk" <mkrukg@gmail.com>
Thu, 6 Feb 2020 18:55:58 -0700
https://www.cbc.ca/news/canada/montreal/stealing-ur-feelings-1.5362954

Watching Noah Levenson's short documentary Stealing Ur Feelings is
undoubtedly intended to be an uncomfortable experience.

The short film, which premiered in Montreal as part of the International
Documentary Festival this week, explains how big business has the capacity
to use artificial intelligence programs and facial recognition software to
track and monitor the emotions of its users.

But he does this by using the same technology against the viewers of the
film.  "It uses facial emotion recognition AI to watch you back. So it
analyzes your face as you react to content it shows you," explained
Levenson.

"So, the film uses the camera in your device to make you the star of the
film."


Photo Roulette on the App Store

Gabe Goldberg <gabe@gabegold.com>
Wed, 5 Feb 2020 00:58:38 -0500
In Photo Roulette you compete with your friends to quickly guess whose photo
is shown! Play with random photos from you (sic) and your friends' phones in
this social and exciting Photo Roulette game! Feel the thrill before each
picture and share the hilarious moments that occur with the pictures of your
friends and family!

https://apps.apple.com/us/app/photo-roulette/id1050443738

Nevermind someone hacking your phone for pictures, play the game and see
what's distributed.


The 'race to 5G' is a myth (WEForum)

geoff goodfellow <geoff@iconia.com>
Fri, 7 Feb 2020 12:26:13 -0700
EXCERPT:

Telecommunications providers relentlessly extol the power of
fifth-generation (5G) wireless technology. Government officials and policy
advocates fret that the winner of the "5G race" will dominate the Internet
of the future, so America cannot afford to lose out. Pundits declare that 5G
will revolutionize the digital world.

<https://www.weforum.org/agenda/2018/01/the-world-is-about-to-become-even-more-interconnected-here-s-how/>
<https://www.cnn.com/2020/01/24/perspectives/america-china-5g-race/index.html>
<https://www.weforum.org/agenda/2019/01/here-s-how-5g-will-revolutionize-the-digital-world/>

It all sounds very thrilling. Unfortunately, the hype has gone too far.  5G
systems will, over time, replace today's 4G, just as next year's iPhone 12
will improve on this year's 11. 5G networks offer significantly greater
transmission capacity. However, despite all the hype, they won't represent a
radical break from the current mobile experience.  First of all, the "race
to 5G" is a myth. 5G is a marketing term for a family of technologies, which
carriers can stretch to cover a variety of networks. The technical standards
are still under development
<https://www.brookings.edu/research/5g-in-five-not-so-easy-pieces/>, so what
counts as "true" 5G is arguable. As with 4G, the 5G rollout will take years,
as carriers upgrade their networks with new gear and users buy new
phones. Just as they do today, connections will fall back to slower speeds
when users aren't near enough to a tower, or if the network is overloaded.
There's no magic moment when a carrier, or a nation, "has" 5G.

Even if there were a race, it's over: South Korea and China have already
built <https://www.cnn.com/2019/11/01/tech/5g-china/index.html> much more
extensive 5G networks than the United States. But that shouldn't be cause
for panic. Customers in those countries may have a leg up on faster
connections, but that doesn't necessarily create a sustainable strategic
advantage. Romania is one of 10 countries with significantly faster
<https://www.speedtest.net/global-index> average fixed broadband connections
than America today, yet no one in Washington seems concerned that will give
Romanian firms a dominant advantage. The major tech platforms delivering
innovative digital services to the world are still based in the United
States and China. There are important concerns
<https://www.cnn.com/2019/12/05/tech/huawei-us-ban-lawsuit/index.html> about
the Chinese networking firm Huawei creating backdoors for surveillance or
tilting the carrier equipment market toward Chinese-defined standards. Your
5G user experience, however, won't depend on who makes the gear in the guts
of the network.  The overheated rhetoric is based on the misconception that
5G heralds a new era of services for end-users. In reality, the claimed
performance—hundreds of megabits or even gigabits per second
-- is misleading. Averages and ideal numbers mask huge variations
depending <https://www.cnn.com/2019/08/09/tech/5g-review/index.html> on
distance to an antenna, obstructions, weather and other factors. The fastest
speeds require "millimeter wave" spectrum, which doesn't penetrate walls or
foliage well, and is generally less reliable than the lower frequencies used
today. Millimeter wave requires a much denser network of antennas, which
could be cost-prohibitive outside dense urban areas. Even if that hurdle is
overcome, a gigabit per second to millions of phones requires a network able
to move traffic at that speed end-to-end, which doesn't exist today. [...]

https://www.cnn.com/2020/02/03/perspectives/5g-disruption/index.html


Not all fun and memes: What's the trouble with TikTok? (CBC)

"Matthew Kruk" <mkrukg@gmail.com>
Thu, 6 Feb 2020 18:57:47 -0700
https://www.cbc.ca/news/technology/tiktok-criticism-expansion-in-canada-1.5336375
It's been a bad week for TikTok.

The Chinese-owned video-sharing app, wildly popular with teens, was forced
to issue a rare public statement about its data security practices and
whether it censors content on behalf of Beijing.

In short, TikTok said it can be trusted with its users' data and that it
doesn't delete videos just because of "sensitivities related to China." But
that's done little to quiet the app's increasingly vocal critics who worry
the platform, with its short lip-sync and comedy videos, is the latest
example of Beijing's overseas intelligence-gathering operation.

Toronto-based privacy advocate Ann Cavoukian told CBC News she is skeptical
of TikTok's defence, because "surveillance among the Chinese is non-stop."


The Night Sky Will Never Be the Same (The Atlantic)

geoff goodfellow <geoff@iconia.com>
Fri, 7 Feb 2020 12:25:16 -0700
*If Elon Musk has his way, thousands of bright artificial lights will
streak through the dark*
EXCERPT:

Last year, Krzysztof Stanek got a letter from one of his neighbors. The
neighbor wanted to build a shed two feet taller than local regulations
allowed, and the city required him to notify nearby residents. Neighbors,
the notice said, could object to the construction. No one did, and the shed
went up.

Stanek, an astronomer at Ohio State University, told me this story not
because he thinks other people will care about the specific construction
codes of Columbus, Ohio, but rather because it reminds him of the network of
satellites SpaceX is building in the space around Earth.  “Somebody puts up
a shed that might obstruct my view by a foot, I can protest.  But somebody
can launch thousands of satellites in the sky and there's nothing I can do?
As a citizen of Earth, I was like, *Wait a minute*.”

Since last spring, SpaceX has launched into orbit dozens of small
satellites—the beginnings of Starlink, a floating scaffold that the
company's founder, Elon Musk, hopes will someday provide high-speed
Internet to every part of the world.
<https://www.theatlantic.com/science/archive/2019/05/spacex-satellites-starlink/590269/>

SpaceX sent a letter too, in a way. After filing for permission to build
its constellation in space, federal regulators held the required comment
period, open to the public, before the first satellites could launch.

These satellites have turned out to be far more reflective than anyone, even
SpaceX engineers, expected. Before Starlink, there were about 200 objects in
orbit around Earth that could be seen with the unaided eye. In less than a
year, SpaceX has added another 240.  “These are brighter than probably 99
percent of existing objects in Earth orbit right now,” says Pat Seitzer, a
professor emeritus at the University of Michigan who studies orbital
debris. For months, astronomers have shared images online of their
telescopes' fields of view with diagonal white streaks cutting across the
darkness, the distinct appearance of Starlink satellites. More satellites
are now on the way, both from SpaceX and other companies. If, as Musk hopes,
these satellites number in the tens of thousands, ignoring them will be
difficult, whether you're an astronomer or not.

In some ways, these satellites pose a familiar problem, a matter of managing
the competing interests that scientists, commercial companies, and the
public might have in a limited natural resource. But the use of outer space
-- particularly the part in close vicinity to our planet—has never been
tested quite like this before. For most of history, scientists, particularly
those who observe the cosmos on visible wavelengths, have had relatively
little competition for access to the sky. Passing satellites were considered
nuisances and sometimes wrecked data, but they were rare.  Some astronomers
are now calling for legal action but even those who wouldn't push that far
describe Starlink's satellites as a wake-up call: What happens when new and
powerful neighbors have a distinct—and potentially disruptive—plan for
a place you value?...
<https://room.eu.com/news/legal-action-could-be-used-to-stop-starlink-ruining-the-night-say-astronomers>

[...]
https://www.theatlantic.com/science/archive/2020/02/spacex-starlink-astronomy/606169/


Boeing's Starliner space capsule suffered a second software glitch during December test flight (WashPost)

Monty Solomon <monty@roscom.com>
Fri, 7 Feb 2020 11:14:15 -0500
Boeing's Starliner space capsule suffered a second software glitch during
December test flight

https://www.washingtonpost.com/technology/2020/02/06/boeings-starliner-space-capsule-suffered-second-software-glitch-during-december-test-flight/


Boeing Refuses to Cooperate With New Inquiry into Deadly Crash (NYTimes)

Monty Solomon <monty@roscom.com>
Thu, 6 Feb 2020 14:33:07 -0500
https://www.nytimes.com/2020/02/06/business/boeing-737-inquiry.html

In both the Max accidents and the 2009 crash, which involved a 737 NG,
Boeing's design decisions allowed a single malfunctioning sensor to trigger
a powerful computer command, even though the plane was equipped with two
sensors. For both models, the company had determined that if a sensor
failed, pilots would recognize the problem and recover the plane. But Boeing
did not provide pilots with key information that could have helped them
counteract the automation error.

After the 2009 crash, regulators required airlines to install a software
update for the NG that allowed comparison of data from the two available
sensors, much the same fix that Boeing has now proposed for the Max. In the
case of the NG, Boeing had developed a software update before the 2009
accident, but it wasn't compatible with all existing models, including the
jet that crashed near Amsterdam.


NASA Shares Initial Findings from Boeing Starliner Orbital Flight Test Investigation (NASA)

Jan Wolitzky <jan.wolitzky@gmail.com>
Mon, 10 Feb 2020 08:17:07 -0500
https://blogs.nasa.gov/commercialcrew/2020/02/07/nasa-shares-initial-findings-from-boeing-starliner-orbital-flight-test-investigation/


Re: Boeing 737s can't land facing west (RISKS-31.54)

Terje Mathisen <terje.mathisen@tmsw.no>
Wed, 5 Feb 2020 11:04:31 +0100
I think this data item, along with the very limited number of identified
problematic runways provide a strong clue:

The flight software splits the circle into quadrants, then for at least one
quadrant boundary the logic to determine which one is broken, i.e.
something like

   if (angle < 270.0) quadrant = 3;
   else if (angle > 270.0) quadrant = 4;

For these particular runways, the planners had enough freedom to be allowed
to place each runway exactly where they wanted and decided to draw a
perfectly straight line <E-W> using RTK GPS surveying so that the actual
direction is 270 degrees exactly, while on all the other "Runway 27"s
(approx) in the world which have been certified for 737 landings, there is a
small but sufficient angular offset.

I would have expected such an error to also happen in the opposite direction
though, that's why I'm guessing at individual code for each boundary.
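
  [Terje's hypothesis is a textbook boundary-condition bug: two strict
  comparisons around one value leave that value unassigned, and the
  variable keeps whatever it held before.  The following is an added
  illustration of that class of defect, not the 737 flight software and not
  code from Terje's post: a compass-heading classifier with the 270-degree
  boundary coded exactly as he sketches it, beside one that uses half-open
  intervals on every boundary and normalises the heading first, plus the
  sweep one would run over a runway table before certifying a release.  The
  quadrant numbering (3 below 270, 4 above) follows the post; the runway
  headings are constructed sample values, not any real airport's.

```python
"""Boundary-condition bug of the kind hypothesised for the 737 runway issue.

Added illustration; not flight software and not from the original post.
"""


def quadrant_buggy(angle: float):
    """Quadrant 1..4 of a heading in degrees, with the 270-degree boundary
    coded as two strict comparisons ('< 270' and '> 270') so that exactly
    270.0 matches neither branch.  None stands in for the stale value an
    uninitialised C variable would keep."""
    quadrant = None
    if angle < 90.0:
        quadrant = 1
    elif angle < 180.0:
        quadrant = 2
    elif angle < 270.0:
        quadrant = 3
    elif angle > 270.0:   # the hypothesised bug: 270.0 itself falls through
        quadrant = 4
    return quadrant


def quadrant_fixed(angle: float) -> int:
    """Same classification with half-open intervals [lo, hi) on every
    boundary, after normalising the heading into [0, 360), so every finite
    input (including negatives and >= 360) gets exactly one quadrant."""
    normalised = angle % 360.0          # Python's % keeps the result in [0, 360)
    return int(normalised // 90.0) + 1  # 0..3 -> 1..4


def runway_headings_without_quadrant(headings):
    """Return the headings the buggy classifier cannot place: the sweep one
    would run over a runway database, where a surveyed runway lying on an
    exact cardinal direction is rare but entirely possible."""
    return [h for h in headings if quadrant_buggy(h) is None]


# Constructed sample headings (not real runway data): one of them is an
# exact 270.0, as Terje suggests an RTK-surveyed east-west runway could be.
SAMPLE_HEADINGS = [89.7, 270.0, 270.3, 180.0]

if __name__ == "__main__":
    print(runway_headings_without_quadrant(SAMPLE_HEADINGS))   # [270.0]
    print([quadrant_fixed(h) for h in SAMPLE_HEADINGS])        # [1, 4, 4, 3]
```

  The fixed version shows the general rule: partition a circular range with
  one consistent half-open convention and a normalisation step, rather than
  hand-written comparisons per boundary, because the latter is exactly where
  one boundary ends up coded differently from the rest.  PGN]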


Re: 99 smartphones ... (RISKS-31.56)

"3daygoaty" <threedaygoaty@gmail.com>
Wed, 5 Feb 2020 11:11:12 +1100
This involved 99 real smart phones running the Google maps app.  Can the
same effect be achieved by simulating the phones on fewer- or one- physical
device(s)?  How easy is it then to tell Google Maps you are somewhere you
actually aren't?

The hack looks like it could be used to flock self-driving cars away from
some route or alternatively, funnel them into some sort of trap.
Self-driving cars likely being rather posh cars might be desirable for car
jacking, say.

The service that allows the authorities to get all green lights driving
across the city for the movement of sensitive freight, high profile people
or prisoners - I would presume their route is fixed and not subject to
traffic?  Gerry Adams came to Melbourne.  They organised 5 routes from the
airport to a certain Irish pub.  At the last minute they picked one of
them.  Can I use the above hack to route Gerry where I want him?


Re: 99 smartphones ... (RISKS-31.56)

JC Cantrell <jc@cantrell2.org>
Wed, 05 Feb 2020 23:18:06 -0500
I smell a small business opportunity here.

Got too much traffic on your street? Waze leading others to contribute to
your traffic headaches?

Hire me! I have the wagon, can get the old phones and, for the right price,
will walk your streets at rush hour! Guaranteed to reduce traffic by 10, 20,
or even 30 percent!

Now I just have to subcontract this, but being in California with recent
independent contractor classification troubles, let's just call the whole
thing off.

Another one of my grand schemes shot down.


Re: Artificial intelligence-created medicine to be used on humans for first time (RISKS-31.56)

Mark Thorson <eee@dialup4less.com>
Thu, 6 Feb 2020 11:40:31 -0800
AI assisted with a small part of drug discovery, not quite the breakthrough
suggested by the press.

https://blogs.sciencemag.org/pipeline/archives/2020/01/31/another-ai-generated-drug


Re: AI-created medicine to be used on humans (Stein, R 31.56)

Henry Baker <hbaker1@pipeline.com>
Tue, 04 Feb 2020 16:07:52 -0800
Perhaps they should run the first tests on another AI.

"Typically, drug development takes about five years to get to trial"; here
"trial" means the first class action suit.

Remember the principle: "An AI for an AI".

  [Richard Stein replied:

    Henry—A good aphorism. Nothing like algorithmic retribution --
    recursive payback.  I favor "Dog Fooding" in this case. Would the
    pharmaceutical company's investors or employees subject their children
    to the clinical trial if they qualified as candidates?  RS]


Re: Election Security At The Chip Level (SemiEngineering, RISKS-31.56)

"John R. Levine" <johnl@iecc.com>
4 Feb 2020 17:43:54 -0500
Where I live, they have the info you provided when you registered which
includes your signature and usually height and eye color which the election
officials check.  (I used to be one.) The officials are mostly retired local
folks, and often know who you are anyway.  Very low tech but pretty
effective.

Despite endless disinformation to the contrary, in-person voter fraud is not
a problem and never has been.  If you think about it for two minutes, it's
about the worst possible way to steal an election, one vote at a time with
each vote subject to challenge.  Sensible people steal an election by
bribing the officials so when the polls close they stuff the box full of
enough ballots to ensure that the correct candidate wins.

For an excellent discussion of this technique, read Robert Caro's "Means of
Ascent" which is mostly about how Lyndon Johnson won the 1948 primary that
put him in the Senate.  It includes a long interview with the guy who had
the ballot box.


Re: Should Automakers Be Responsible for Accidents? (Levine, RISKS-31.56)

Gabe Goldberg <gabe@gabegold.com>
Tue, 4 Feb 2020 22:22:53 -0500
And parking tickets imposing automaker liability:

Sorry sir, we've remotely disabled your car, now that it's legally parked in
your garage. Please complete the attached agreement committing to better
behavior, so that we may restore your driving privileges at the end of next
month.

On 2/4/2020 5:07 PM, John Levine wrote:
> In article <16.CMM.0.90.4.1580237212.risko@chiron.csl.sri.com7592> you write:
>> What a strange scheme:
>>
>> Automaker enterprise liability would have useful incentives that driver
>> liability law misses.
>> https://www.cato.org/sites/cato.org/files/serials/files/regulation/2019/3/regulation-v42n1-1.pdf
> I can hardly wait:
>
>    "Sorry, sir, you've had three moving violations so we'll have to ask
>    you to leave the showroom now."
